Flickr and Security (or lack thereof)

Update 16 December 2016: Yahoo has revealed a second separate breach that involves over 1,000,000,000 accounts… that’s right, a one followed by nine zeros! The breach of security has lead to the release of most of their user’s names, telephone numbers, dates of birth and other personal information. As all Flickr accounts are tied to Yahoo accounts the breach affects many Flickr users as well. If you aren’t going to delete your account and find a more secure service then at least change your password.


With news of Yahoo’s monumental security breach affecting many Flickr users, and the recent concerns over Flickr users copyrighted images being misused across the internet, one has to wonder if the old Flickr Helper adage that if you don’t want your images and information used then you shouldn’t upload them to the internet. While that might be feasible for our images it is not really practical in this day and age to hide yourself away from the internet completely.

If you are concerned about how this security breach affects you on Flickr, I suggest you read this thread in the Flickr Help Forum. If you are interested in the Class Action lawsuit filed against Yahoo for its negligence in handling private information see this article.

I won’t speak anymore about the security breach, but I did want to add some thoughts on the “jellyfields” copyright infringement issue.

Jellyfields is a third party website that uses content from Flickr for an image database. The issue is not that they use such content, but rather how they use it and how they are even able to do this. Many sites like Flickriver use content from Flickr, but they do so in a way that respects the copyright integrity of the images on Flickr as well as the settings of users (i.e. you can opt out of the 3rd party access). I personally like what Flickriver does. I do not like what Jellyfield does, but I also recognise that Flickr enables this by what on the surface appears as a misapplication of Open Graph tags on our photopages. Nevertheless, I am not sure yet if this is a Jellyfield only issue, a Flickr only issue, or they need to work together.

In effect Jellyfields is getting access to large sized images, even if user may have them set as not downloadable or even sharable, through the Open Graph tags on Flickr photopages. The main question is why does Flickr need to make such large images sizes available through Open Graph? Jellyfields is interpreting that any image tagged with Open Graph code is a thumbnail and as such subject to some sort of fair use doctrine. They then save a copy of these to their servers to create content for their own site. In their implementation they do provide linkback to the original photopage but the image you are seeing on Jellyfields are copies they host… orphaned to some degree by Flickr as they strip EXIF metadata including Copyright Management Information from the images displayed on Flickr!

My understanding of the Open Graph protocol (limited for sure) is that it is intended to aid users in sharing information to Facebook. In particular, it gives users some control how their content gets displayed on Facebook (think of the share feature Flickr offers). However, what Jellyfields seems to be doing is using Open Graph to share content intended for Facebook and other social networks to their own search database. In the process of using Open Graph, Jellyfields is actually making their own local copies of all rights reserved images in most cases. This even by the most liberal interpretation of the law is copyright infringement. Made all the more so since Jellyfields is doing this within a commercial context.

Flickr is currently discussing this issue with the Jellyfields developers. Jellyfields is trying to deal with the controversy by blaming users for not understanding they agreed to have their images stolen when they uploaded to Flickr (I am being facetious here, but you get the idea). Despite the bungled information campaign by the Jellyfields developers, they are respecting people’s wishes to remove images and exclude the user’s content from the site going forward.


  • Flickr needs to offer an answer as to why high resolution images need Open Graph tags.
  • Flickr needs to stop stripping Copyright Management Information from the images displayed on Flickr, as this aids copyright infringers.
  • Jellyfields needs to respect copyright… and saving any Flickr image to their server beyond a legitimate thumbnail is not respecting fair use doctrine and is copyright infringement in most cases.